KR20120084184A - A smartphone malicious code blocking method based on white list and the recording medium thereof - Google Patents


Info

Publication number
KR20120084184A
Authority
KR
South Korea
Prior art keywords
application
white list
smartphone
installation
malicious code
Application number
KR1020110005583A
Other languages
Korean (ko)
Inventor
박길철
김용태
이기정
Original Assignee
한남대학교 산학협력단
Application filed by 한남대학교 산학협력단
Priority to KR1020110005583A
Publication of KR20120084184A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/006 Identification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0745 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in an input/output transactions management context
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)

Abstract

A white list-based smartphone malware blocking method and recording medium in which applications that can be installed on a smartphone are registered in a white list on a server and an application registered in the white list is installed on the smartphone, the method comprising: (a) monitoring whether a new application is installed on the smartphone; (b) if the installation of the application is detected, extracting identification information of the application; (c) transmitting the identification information of the application to the server; (d) receiving a result from the server determining whether the application is registered in the white list; and (e) if the application is registered in the white list, proceeding with the installation of the application.
With the above method, blocking or withholding the installation of unvalidated applications that may infect the smartphone with malware prevents the smartphone from being infected with malware and increases the security level.

Description

A smartphone malicious code blocking method based on white list and the recording medium

The present invention relates to a white list-based smartphone malicious code blocking method and a recording medium thereof, in which applications installable on a smartphone are registered in a white list on a server, and only applications registered in the white list are installed on the smartphone.

In addition, the present invention relates to a white list-based smartphone malicious code blocking method and a recording medium thereof that protect the smartphone from malicious code and malicious applications that threaten information protection in the smartphone environment, and that prevent information leakage or secondary damage caused by malware infection.

In addition, the present invention relates to a white list-based smartphone malicious code blocking method and a recording medium thereof in which an application is developed that runs on a smartphone operating with an open source OS and is based on a built white list DB, so that only the installation of verified applications is allowed, and malicious code infection is prevented by blocking or suspending the installation of unvalidated smartphone applications that could potentially infect the smartphone with malicious code.

In general, an operating system of a mobile terminal may be classified as a Real Time OS (RTOS) or a General Purpose OS (GPOS). An RTOS, such as REX, is classified as a dedicated operating system of a voice-oriented terminal, and a GPOS is classified as a general-purpose operating system installed in a terminal such as a smartphone.

Mobile terminals equipped with RTOS provide a variety of middleware, including Java VM, BREW, WIPI, Mocha, and infineon. The terminal basic software includes a communication function and an operating system for a voice call. CDMA uses REX and GSM uses Nucleus and Kadak as the basic operating systems. The hardware diversity along with the functional diversity of mobile applications has pushed the RTOS to handle a variety of multimedia in mobile environments.

Therefore, mobile operating systems were developed in the direction of optimizing for mobile use while maintaining the structure of a PC-class operating system, and this led to the emergence of the smartphone. As mobile devices have evolved from feature phones to smartphones, the development of mobile platforms has accelerated, leading Microsoft to commercialize Windows Mobile, Apple the iPhone, and Google the Android platform. These platforms partially support multitasking, so they perform better than traditional feature phones, and in line with the move to open environments they are developing from closed architectures, in which vendors develop their own applications, into open architectures that provide a standardized development environment for all users and developers. In particular, mobile platform providers such as Apple and Google focus on building a virtuous cycle that encourages the development and use of many applications through open markets based on their mobile operating systems, and encourages more users to develop more applications.

Mobile terminals are also exposed to various security threats, and mobile security technologies are continuously emerging to cope with them. However, with the development of mobile terminals, the security threats of smartphones due to mobile malware continue to increase with the activation of networking services. Attack tools that attack smartphones have a variety of intrusion methods and purposes. Attack types of smartphones are mainly attempted for the purpose of device malfunction, information leakage, and financial gain.

Mobile malware is rapidly increasing in volume with the growth of mobile devices, and threat factors are diversifying. The increase in mobile malware can be attributed to the growing number of open terminals for which malicious code can be produced and distributed for malicious purposes, and to the diversification of external connections, since terminals provide Bluetooth, Wi-Fi and USB in addition to cellular communication methods such as W-CDMA and CDMA-2000. Mobile malware is changing from early forms that simply propagated or paralyzed the functional operation of the terminal to forms aimed at personal information leakage and financial gain. Based on the main activities of the mobile malware seen to date, it can be classified into the following five types.

Battery-consuming malware is a type of attack that drains the battery by continually consuming the power of the terminal. Cabir, the first mobile malware to spread via Bluetooth, is a prime example. Cabir does not cause the invasion of the terminal, but continuously scans the Bluetooth of nearby terminals, and has the characteristic of spreading malicious codes through Bluetooth. Infected terminals are subject to battery depletion through continuous scanning.

Terminal failure-inducing malware is a type of attack that makes the use of a terminal impossible or causes a failure. Skulls is malware of this type that paralyzes the device: it changes all menu icons to skeletons and disables add-ons other than calls. Locknut has the characteristic of breaking some key buttons of the terminal. In addition, Gavno appeared, which paralyzes the sending and receiving of telephone calls.

Information leakage malware is a type of attack that leaks information of infected terminals or user information to the outside. Infojack is installed with the .cab installation file when legitimate applications are downloaded to the terminal. After installation, Infojack connects to a specific web server and downloads and reinstalls the rest of Infojack. After the installation is completed, the terminal's security settings are changed and the terminal's serial number, OS, and installed applications are transmitted to the outside to facilitate a secondary attack. Examples of malware that leaks user information to the outside are Flexispy and PBStealer. Flexispy is commercial malware in the form of spyware that has the ability to send phone logs and text messages from a smartphone to a specific web server.

Billing-induced malware is a type of attack that generates charges by continuously attempting to send messages or place calls. RedBrowser, made in Russia for the J2ME platform, is malicious code that causes monetary damage to users by having the infected terminal send SMS messages to unspecified recipients without the user's knowledge. In addition, the Kiazha malware found in China deletes text messages stored on the terminal and displays a warning message on the infected terminal's screen asking the user for money.

Cross-platform malware is a type of attack that infects PCs via mobile devices. Cardtrap.A is the first cross-platform malware; it copies a Windows worm to the phone's memory card, and when the infected memory card is inserted into a PC, the worm automatically infects the PC through autorun, deleting data or reducing performance. It is a new type of attack in that it infects a PC from a mobile device rather than spreading among mobile devices.

Open mobile terminals are capable of producing various contents because anyone can produce or distribute contents. This may be an advantage, but security threats in mobile environments are expected to increase due to the possibility of producing and distributing applications containing malicious code. The security aspects of applications designed for the safe use of mobile devices in an open mobile environment are summarized by smartphone OS as follows.

First of all, Google's Android OS is a Linux-based OS whose security policy has many similarities to that of Linux. When an application is installed on the terminal, it is given a unique USER ID and GROUP ID. By default, files created by an application to which a user ID is assigned cannot be read or written by an application with a different user ID. If there is a system resource that the application wants to use, the required permission must be declared at the application development stage by entering the system resource in a <uses-permission> tag of the AndroidManifest.xml file. If an application is installed without this entry, the terminal restricts its use of system resources. Every Android application must be signed with the developer's private key, using the developer's certificate. The certificate is used only to prove the identity of the application developer and does not need to be issued by a trusted certificate authority. Self-signed certificates are also accepted. Therefore, the security policy is not as strict as that of Symbian and Windows Mobile, and since the OS source code is disclosed, it is expected to be more vulnerable than other commercial mobile OSs.

In Microsoft's Windows Mobile 6 security model, permission is determined by the permission policy of the application. Developers wishing to deploy applications on Windows Mobile 6 devices must undergo code certification by Microsoft. The permissions of an application are divided into Privileged, Normal, and Blocked as follows. "Privileged" is a "Trusted" permission that allows all API calls to access system resources, writes to all areas of the registry, and access to all files. "Normal" is an "Untrusted" permission under which some APIs cannot be called and writing to the registry or to files in the protected area is not allowed. "Blocked" is a "Locked" permission that does not allow the application to run. Permissions are determined by the level of the certificate used when signing the code.

A white list, as a reputation-based service, operates on a list of verified applications, unlike conventional vaccines, which use a DB based on a black list.

In the past, the purpose of reputation-based technologies or services was to define the characteristics of a product or program based on users' evaluations, but current reputation-based technologies aim to cope with malware that has not yet been collected or analyzed.

Reputation-based products will be installed in commercial security products as the core of smartphone terminal security. Traditionally, the focus has been on minimizing damage as soon as malicious code emerges, so that it cannot spread beyond the first one or two victims. To collect samples quickly, each security company runs a network, community, etc. that collects samples automatically, with the explicit consent of the customer.

However, unlike earlier malware, which crashed or slowed down the computer, current malware carries out its purpose after infiltration without the user's knowledge. In the past, when an abnormal symptom occurred on a PC, a user could easily notice a deleted file or a crash and, in the process of resolving the problem, found a file suspected of being malware and reported it. Propagation was also slow in the past because machines were not connected to each other by a network. Now there is no symptom of infection, and because malware hides itself it is difficult for users to find and report it. Moreover, it spreads all over the world instantly by way of hacked well-known web servers.

The only solution is to automatically collect the data quickly and analyze whether it is malicious or not, and the collected data is automatically analyzed and used for privacy. Unlike the early days, when only the structure of malicious code had to be reverse engineered, it is now necessary to analyze and process large amounts of data and to operate servers.

However, since malware is changing to attack a specific class or a specific person rather than an unspecified number of people, fast collection, fast processing, and quick distribution are not enough. Victims who are infected before the malware has been collected are difficult to protect, and attacks that target only a small number of victims or specific individuals may be excluded from automatic collection altogether.

In order to deal with such uncollected and unresolved malicious code, reputation-based systems have emerged. A reputation-based system first checks whether a program is safe and not harmful. In this process, several types of program DBs are mainly used, and queries may occur over the network. If the program is not confirmed as safe, information about the program is downloaded from the server: when the program was discovered, how many people are using it, what kind of people are using it, and what the program is doing.

The new reputation-based technology, unlike its predecessor, displays a warning window only very infrequently and does not display a neutral message with difficult technical content. For example, it displays "An analysis of the file to be installed / downloaded / executed has not been performed yet. Block until it is analyzed." and encourages the user to make a decision (usually to block). Fast data collection, automatic analysis, and a large white list (whitelist) database matter here, because users are greatly inconvenienced if a decision is made wrongly. Currently, malware analysis can mostly be handled in tens of minutes to a few days, so new programs are not run for several days until the analysis ends, or, for a few programs, a separate request is made directly to the analysis center.

For operating system updates or popular programs, the white list DB can be used without having to wait for analysis. With a white list, only well-known software is installed on the basis of the database and only verified programs are run. In the past, there was no way to build or manage a large white list database, so PCs were protected with black list-based products. Reputation-based technology protects against malicious code and targeted attacks before analysis.

An object of the present invention, devised to solve the problems described above, is to provide a white list-based smartphone malicious code blocking method and a recording medium thereof, in which applications that can be installed on a smartphone are registered in a white list on a server and only applications registered in the white list are installed on the smartphone.

That is, unlike existing techniques for detecting and treating smartphone malware, which center on mobile vaccines and prevent the spread of infection by analyzing information collected after the malware infection, an object of the present invention is to provide a white list-based smartphone malicious code blocking method and a recording medium thereof that prevent malicious code infection in advance by using a white list to block the download and installation of malicious applications.

In order to achieve the above object, the present invention relates to a malicious code blocking method performed by a malicious code blocking system installed in a smartphone, wherein the malicious code blocking system is connected to a server that stores a list of applications that can be installed in the smartphone (hereinafter, a white list), the method comprising: (a) monitoring whether a new application is installed on the smartphone; (b) if the installation of the application is detected, extracting identification information of the application; (c) transmitting identification information of the application to the server; (d) receiving a result from the server determining whether the application is included in the white list; and (e) if the application is included in the white list, proceeding with the installation of the application.

In addition, the present invention relates to a malicious code blocking method performed by a malicious code blocking system installed in a smartphone, wherein the malicious code blocking system is connected to a server that stores a list of applications that can be installed on the smartphone (hereinafter, a white list), the method comprising: (a) monitoring an event occurring in an operating system of the smartphone to monitor whether a new application is installed; (b) if the installation of the application is detected, extracting identification information of the application by analyzing the information of the application; (c) transmitting identification information of the application to the server; (d) receiving a query result for the application from the server and analyzing the query result to determine whether the application is included in the white list; and (e) if the application is included in the white list, proceeding with the installation of the application.

In another aspect, the present invention provides a white list-based smartphone malicious code blocking method, the method further comprising: (f) if the application is not included in the white list, receiving, through the smartphone, a response as to whether to install the application; (g) if the response is to install, proceeding with the installation of the application; and (h) if the response is not to install, canceling the installation of the application.

In addition, in the white list-based smartphone malicious code blocking method of the present invention, the identification information of the application comprises the installation file name and installation information of the application.

In addition, the present invention relates to a white list-based smartphone malicious code blocking method performed by a server that has a database storing a list of applications that can be installed on a smartphone (hereinafter, a white list) and that receives and responds to queries from the smartphone, the method comprising: (a) receiving a search request for an application from the smartphone; (b) searching whether the application of the search request exists in the white list; (c) if the information of the application exists in the white list, sending a response that the application is a verified application; and (d) if the application information does not exist in the white list, sending a response that the application is an unverified application.

The present invention also relates to a computer-readable recording medium recording a program for executing the white list-based smartphone malicious code blocking method.

As described above, according to the white list-based smartphone malicious code blocking method and the recording medium according to the present invention, blocking or suspending the installation of unvalidated applications that may infect the smartphone with malware prevents the smartphone from being infected with malware and increases the security level.

Specifically, the following effects are obtained.

First, in terms of academics, it is possible to develop a lightweight but practical security technology by applying a reputation-based service concept in consideration of the resource limitations of a portable mobile terminal such as a smartphone.

Second, it can be used in smartphones based on an open operating system (OS) and, unlike conventional mobile vaccines, it is a method that prevents infection in advance, so it prevents secondary damage such as infection of other devices, protects the user's privacy, and resolves problems that lead to damage.

FIG. 1 is a diagram showing an example of the overall system configuration for implementing the present invention.
FIG. 2 is a flowchart illustrating a method for blocking white list-based smartphone malicious code by an application of a smartphone according to a first embodiment of the present invention.
FIG. 3 is a flowchart illustrating a method for blocking white list-based smartphone malicious code by an application of a smartphone according to a second embodiment of the present invention.
FIG. 4 is a flowchart illustrating a method for blocking white list-based smartphone malicious code by a server according to an embodiment of the present invention.

Description of reference numerals
10: mobile terminal
21: mobile communication network
22: network
30: anti-malware applications
40: server
50: database
60: content server

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Hereinafter, the present invention will be described in detail with reference to the drawings.

In describing the present invention, the same parts are given the same reference numerals, and repeated description is omitted.

First, examples of the overall system configuration for implementing the present invention will be described with reference to FIG. 1.

As shown in Figure 1, the entire system for implementing the present invention is composed of a mobile terminal 10, an app server 60, and a malicious code blocking server 40. In addition, it may be configured to further include a database (50) for storing data. In addition, the mobile terminal 10 is installed with a malicious code blocking system 30.

The mobile terminal 10 is a mobile communication terminal having a computing function, such as a smartphone. An open operating system (OS) is installed in the mobile terminal 10, and an application or the like may be installed and executed on the operating system.

The app server 60 is a server that provides an application (or application program) to the mobile terminal 10. An application (or an application program) is a mobile app (App) that can be installed and executed in the mobile terminal 10. The application is installed on the mobile terminal 10 and runs on its own.

The mobile terminal 10 may request a needed application from the app server 60 and download the requested application. The mobile terminal 10 installs and executes the downloaded application on the device. Alternatively, the mobile terminal 10 may read and install an application contained in a storage medium. Alternatively, the mobile terminal 10 may receive and install an application stored in another terminal through short-range communication such as Bluetooth or Wi-Fi.

The malicious code blocking server 40 is a server that determines whether an application is malicious code. In particular, the malicious code blocking server 40 stores a list of safe applications (hereinafter, a white list) in the database 50. The white list is a list in which applications found by malware inspection to contain no malicious code are registered. Therefore, if a specific application is registered (exists) in the white list, the application is guaranteed to be safely installed and executed in the mobile terminal 10 without malicious code. The malicious code blocking server 40 is also referred to as the white list server 40, in the sense that it stores the white list.

The malicious code blocking system 30 is an application (or application program) installed in the mobile terminal 10 that monitors the installation of general applications. The malicious code blocking system 30 constantly monitors whether an application is being installed in the mobile terminal 10 and detects when an application is about to be installed. When it detects the installation of an application, the malicious code blocking system 30 extracts the information of the application, transmits it to the malicious code blocking server 40, and requests confirmation of the application's safety. Depending on the safety response from the server 40, the malicious code blocking system 30 installs the application, issues an installation warning, or blocks the installation.

In this case, the malicious code blocking system 30 performs data communication with the malicious code blocking server 40 through a communication means (not shown) provided in the mobile terminal 10. In addition, the malicious code blocking system 30 displays the installation warning or the installation to the user through the output device (screen, etc.) of the mobile terminal 10, and receives commands or selections from the user through the input device (keypad, touch pad, touch screen, etc.) of the mobile terminal 10.

Next, the features of the present invention will be described in more detail.

While the conventional approach to detecting and treating smartphone malware centers on mobile vaccines and prevents the spread of infection by analyzing the information collected after the malware infection, the present invention uses a white list to block the download and installation of malicious applications and thereby prevents malicious code infection in advance.

Based on a reputation-based service, an allow list (or white list), which is a list of verified applications among the applications that users can download, is constructed. When a user downloads an application and attempts to install it, it is checked whether the application is registered in the white list before it is installed. That is, while the conventional technology uses an existing blacklist as a reputation-based service, the present invention uses a white list as a reputation-based service. It alerts the user to the dangers of unverified applications and allows the installation to be suspended.

Open mobile operating systems (such as Android OS) handle events that occur when a user downloads an application for installation. Therefore, the application information is compared with the white list DB list, and the installation is verified in advance. That is, when the user downloads an application to be installed on the mobile terminal 10 such as a smartphone, the malicious code blocking method according to the present invention checks whether the application is verified before the installation is executed. To do this, it requests authentication from the white list DB and warns about or blocks the installation of unverified applications. This prevents the installation of unverified malicious applications that may contain malware and protects the smartphone.

That is, whether an application is verified can be confirmed in conjunction with the white list DB, which is built on reputation and in which the list of verified applications is updated.

In addition, with regard to suspending and blocking the installation of unvalidated applications, if the application that the user intends to install is not in the white list DB list, the user is warned that it is an unvalidated application and the installation is suspended or blocked.

Next, a method of blocking a white list-based smartphone malicious code by an application of the smartphone according to the first embodiment of the present invention will be described in more detail with reference to FIG. 2.

As shown in FIG. 2, an application executed in the background of the mobile terminal 10 such as a smartphone monitors in real time whether a new application is installed (101).

If the installation of an application is not detected in the mobile terminal 10 such as a smartphone, monitoring for installation continues (102). When the installation is detected, information (or identification information) of the application to be installed is obtained (103). As an example, the name of the installation file of the application is extracted. Alternatively, the name, manufacturer, etc. of an application included in the installation file may be extracted. The extracted information (or identification information) is information for identifying an application to be installed.

The application information and the extracted identification information (installation file name, etc.) are transmitted to the white list server (or malware blocking server) 40 (104).

The white list server 40 receives this information and searches whether the corresponding application information exists in the DB 50 (105).

If the information of the corresponding application exists in the white list DB 50 (106), the application is installed as it is (107).

If a response is received that there is no information on the application to be installed in the white list DB 50, a warning message about the application installation is displayed to the user and the user is asked whether to proceed with the installation (108). Depending on the user's response (109), the application is installed if the user chooses to continue (107), and the installation is canceled if the user does not want to proceed (110).

Finally, monitoring for application installation resumes.

Next, the white list-based smartphone malicious code blocking method performed by an application of the mobile terminal 10, such as a smartphone, according to a second embodiment of the present invention will be described in more detail with reference to FIG. 3. That is, FIG. 3 shows a method that processes the event generated when an application is installed on the mobile terminal 10, such as a smartphone, queries the white list as to whether the application is verified, and determines whether to install based on the returned value.

As shown in FIG. 3, when the application is executed, it monitors in real time whether an installation event of a new application occurs in the operating system (OS) of the mobile terminal 10, such as a smartphone (201). Preferably, it runs in the background of the mobile terminal 10, such as a smartphone, so that the user is not aware of the monitoring.

When the user executes an installation file to install a new application, the application detects the event occurring in the OS (202). If the event does not occur, the installation event continues to be monitored in the background of the mobile terminal 10, such as a smartphone.

If the installation of a new application is detected, information of the application is analyzed (203). Based on the analyzed information, identification information such as an installation file name and other information of the application is extracted (204).

An interworking operation for communicating with the white list server 40 is performed (205). When the interworking is completed, the extracted application information is transmitted to the white list server (206).

The white list server 40 retrieves the transmitted information from the DB 50 and returns the result value to the mobile terminal 10 such as a smartphone (207).

When the mobile terminal 10, such as a smartphone, receives the result value of the query sent to the white list for the application information (208), it analyzes the value and determines whether the application is a verified application present in the white list (209).

If the application information exists in the white list, the installation proceeds without outputting a separate warning message to the user, and when the installation is completed, the installation event of the new application is monitored again (210).

If the application is not in the list, a warning message is output to the user and the application waits for a response on whether to install. A response indicating whether the user wishes to proceed with the installation is received (212). If the user wants to install, the installation proceeds; if the user refuses, the installation of the application is canceled and the installation file is deleted (213).

After the installation is canceled, new application installation is again monitored in real time, and when a new application installation event is detected, the method is performed again.

Next, the white list-based smartphone malicious code blocking method according to an embodiment of the present invention, as performed on the server side, will be described in more detail with reference to FIG. 4. FIG. 4 shows the method by which the malicious code blocking server 40 processes a request from the application of the mobile terminal (smartphone, etc.) 10.

As shown in FIG. 4, the white list server 40, in which the DB 50 is built, monitors whether a DB search request message is received from an application operating in the mobile terminal 10, such as a smartphone (301).

When a query comes in from the mobile terminal 10, such as a smartphone (302), the server 40 interworks with the DB 50 (303) and searches whether the application named in the search request is in the list among the data stored in the DB 50 (304).

It is checked whether the information of the corresponding application exists in the white list DB 50 (305). If the information of the application is stored in the list, a response that it is a verified application is sent to the mobile terminal 10, such as a smartphone (306). If it does not exist in the list, a response that the application is not verified is sent to the mobile terminal 10, such as a smartphone (307).

After the response to the mobile terminal 10, such as a smartphone, has been sent, the server again monitors whether an application information search request is received.
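
The terminal-side flow of FIG. 3 and the server-side lookup of FIG. 4 as one runnable exchange, in Python. This is an added example, not code from the patent; the JSON message fields, the function names, the sample white list entries and the choice to match on file name, application name and manufacturer together are assumptions.

```python
import json
import os
import tempfile

# Constructed white list entries: (installation file name, application name, manufacturer).
WHITE_LIST_DB = {
    ("notes-1.2.apk", "Notes", "Example Soft"),
    ("maps-3.0.apk", "Maps", "Example Geo"),
}

def server_handle_query(request_json, db=WHITE_LIST_DB):
    """Server side (FIG. 4): search the DB and answer verified / unverified."""
    req = json.loads(request_json)                        # 302: query received
    key = (req["file_name"], req["app_name"], req["manufacturer"])
    verified = key in db                                  # 304-305: search the list
    return json.dumps({"file_name": req["file_name"], "verified": verified})  # 306/307

def extract_identification(install_path, manifest):
    """Terminal side, 203-204: build the identification information."""
    return {
        "file_name": os.path.basename(install_path),
        "app_name": manifest.get("name", ""),
        "manufacturer": manifest.get("manufacturer", ""),
    }

def handle_install_event(install_path, manifest, ask_user, query=server_handle_query):
    """Terminal side (FIG. 3): 'installed', 'installed_after_warning' or 'canceled'."""
    ident = extract_identification(install_path, manifest)
    response = json.loads(query(json.dumps(ident)))       # 206-208: send, receive result
    if response["verified"]:                              # 209: analyze the result value
        return "installed"                                # 210: no warning shown
    warning = f"{ident['file_name']} is not in the white list. Install anyway?"
    if ask_user(warning):                                 # 212: user's response
        return "installed_after_warning"
    if os.path.exists(install_path):                      # 213: cancel, delete the file
        os.remove(install_path)
    return "canceled"

def demo():
    """Runs three constructed install events; returns outcomes and whether the file remains."""
    workdir = tempfile.mkdtemp()
    unknown = os.path.join(workdir, "free-game.apk")
    open(unknown, "wb").close()
    results = [
        handle_install_event(os.path.join(workdir, "notes-1.2.apk"),
            {"name": "Notes", "manufacturer": "Example Soft"}, lambda msg: False),
        # Listed file name but a different manufacturer: treated as unverified.
        handle_install_event(os.path.join(workdir, "maps-3.0.apk"),
            {"name": "Maps", "manufacturer": "Other Corp"}, lambda msg: True),
        handle_install_event(unknown,
            {"name": "Free Game", "manufacturer": "Unknown"}, lambda msg: False),
    ]
    return results, os.path.exists(unknown)
```

Calling `demo()` returns the three outcomes and confirms that the refused installation file was deleted, as in step 213.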

Although the invention made by the present inventors has been described concretely above with reference to the embodiments, the present invention is not limited to these embodiments and can be modified in various ways without departing from its gist.

The present invention is useful for developing an application for a smartphone that registers and stores an application installable on a smartphone in a white list on a server, and installs only the application registered in the white list on a smartphone.

Claims (6)

1. A malicious code blocking method performed by a malicious code blocking system installed in a smartphone, the malicious code blocking system being connected to a server that stores a list of applications that can be installed on the smartphone (hereinafter, white list), the method comprising:
(a) monitoring whether a new application is installed on the smartphone;
(b) if the installation of the application is detected, extracting identification information of the application;
(c) transmitting the identification information of the application to the server;
(d) receiving from the server a result of determining whether the application is included in the white list; and
(e) if the application is included in the white list, proceeding with the installation of the application.
2. A malicious code blocking method performed by a malicious code blocking system installed in a smartphone, the malicious code blocking system being connected to a server that stores a list of applications that can be installed on the smartphone (hereinafter, white list), the method comprising:
(a) monitoring an event occurring in an operating system of the smartphone to monitor whether a new application is installed;
(b) if the installation of the application is detected, extracting identification information of the application by analyzing the information of the application;
(c) transmitting the identification information of the application to the server;
(d) receiving a query result for the application from the server and analyzing the query result to determine whether the application is included in the white list; and
(e) if the application is included in the white list, proceeding with the installation of the application.
3. The white list-based smartphone malicious code blocking method of claim 1 or 2, further comprising:
(f) if the application is not included in the white list, receiving, through the smartphone, a response indicating whether to install the application;
(g) if a response to install is received, proceeding with the installation of the application; and
(h) if the response is not to install, canceling the installation of the application.
4. The white list-based smartphone malicious code blocking method of claim 1 or 2,
wherein the identification information of the application comprises the installation file name and installation information of the application.
5. A white list-based smartphone malicious code blocking method performed by a server that has a database storing a list of applications that can be installed on a smartphone (hereinafter, white list) and that receives and responds to queries from the smartphone, the method comprising:
(a) receiving a search request for an application from the smartphone;
(b) searching whether the application of the search request exists in the white list;
(c) if the information of the application exists in the white list, sending a response that the application is a verified application; and
(d) if the information of the application does not exist in the white list, sending a response indicating that the application is an unverified application.
6. A computer-readable recording medium recording a program for executing the white list-based smartphone malicious code blocking method according to any one of claims 1 to 5.
KR1020110005583A 2011-01-19 2011-01-19 A smartphone malicious code blocking method based on white list and the recording medium thereof KR20120084184A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110005583A KR20120084184A (en) 2011-01-19 2011-01-19 A smartphone malicious code blocking method based on white list and the recording medium thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110005583A KR20120084184A (en) 2011-01-19 2011-01-19 A smartphone malicious code blocking method based on white list and the recording medium thereof

Publications (1)

Publication Number Publication Date
KR20120084184A (en) 2012-07-27

Family

ID=46715194

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110005583A KR20120084184A (en) 2011-01-19 2011-01-19 A smartphone malicious code blocking method based on white list and the recording medium thereof

Country Status (1)

Country Link
KR (1) KR20120084184A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014058211A1 (en) * 2012-10-08 2014-04-17 주식회사 안랩 Computer system and method of using white list of said computer system
KR101286711B1 (en) * 2013-03-28 2013-07-16 주식회사 이스턴웨어 System and method for preventing malicious codes of mobile terminal
KR101483107B1 (en) * 2013-04-02 2015-01-15 비젠 주식회사 Method for managing software install and system realizing it
KR101472321B1 (en) * 2013-06-11 2014-12-12 고려대학교 산학협력단 Malignant code detect method and system for application in the mobile
KR200473812Y1 (en) * 2014-04-07 2014-08-01 김범수 USB flash memory for publicity
US9680853B2 (en) 2014-06-26 2017-06-13 Samsung Electronics Co., Ltd Apparatus and method for preventing malicious code in electronic device
KR101628837B1 (en) 2014-12-10 2016-06-10 고려대학교 산학협력단 Malicious application or website detecting method and system
KR20150008033A (en) * 2014-12-30 2015-01-21 주식회사 안랩 Method and apparatus for inspecting malicious code of a mobile terminal
US9967702B2 (en) 2015-08-12 2018-05-08 Samsung Electronics Co., Ltd. Method of managing application and electronic device therefor
KR101693249B1 (en) 2015-09-08 2017-01-06 충북대학교 산학협력단 System and method for managing application
US10380378B2 (en) 2015-09-24 2019-08-13 Samsung Electronics Co., Ltd. Apparatus and method for protecting information in communication system
KR101876458B1 (en) * 2016-11-17 2018-07-09 주식회사 에스티유니타스 Method, apparatus and appication for displaying educational contents
CN112434297A (en) * 2020-12-29 2021-03-02 成都立鑫新技术科技有限公司 Method for detecting mobile phone security in public place
CN112434297B (en) * 2020-12-29 2024-02-20 成都立鑫新技术科技有限公司 Method for detecting safety of mobile phone in public place

Legal Events

Date Code Title Description
A201 Request for examination
E601 Decision to refuse application